ELECTRICFISH is a malware variant that targets Windows systems and is used by the advanced persistent threat (APT) group HIDDEN COBRA, also known as Lazarus Group, which the US government attributes to North Korea. The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) analyzed the malware and found that it implements a custom protocol that funnels traffic between a source and a destination IP address. The malware repeatedly attempts to reach both endpoints, so either side can initiate a funneling session, and it can be configured with a proxy server, port, username and password. A compromised host sitting behind an authenticating proxy can therefore relay traffic out of the victim network using those proxy credentials instead of being stopped by the proxy's authentication requirement. Attackers can use this to covertly exfiltrate data and maintain a hidden channel into the network.
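
The two mechanisms described above, a bidirectional traffic funnel between two endpoints and an outbound tunnel through an authenticating HTTP proxy, are shown below as an added example. This is not ELECTRICFISH code and not the custom protocol from the MAR: the relay copies raw bytes, and the proxy part uses a standard HTTP CONNECT request with Basic credentials, which is the simplest way to see why a configured proxy username and password let a tunnel leave the network. All names (`funnel`, `demo_relay`, `build_connect_request`, `parse_connect_request`) and the sample payload are constructed for this example; the parser is the piece a defender would run over a captured request to recover the credentials being used.

```python
"""Added illustration of a TCP funnel and of an HTTP CONNECT request carrying
proxy credentials. Generic technique demonstration, not malware code; the
endpoints here are in-process socketpairs so it runs offline."""
import base64
import socket
import threading


def build_connect_request(host: str, port: int, username=None, password=None) -> bytes:
    """Build the CONNECT request a tunnelling client sends to an HTTP proxy.
    With a username/password configured, a Proxy-Authorization: Basic header is
    added, which is what lets the tunnel pass an authenticating proxy."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_connect_request(raw: bytes):
    """Defender-side helper: from a captured CONNECT request return
    (target_host, target_port, (username, password) or None)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode().split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    creds = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authorization":
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() == "basic":
                user, _, pw = base64.b64decode(token).decode().partition(":")
                creds = (user, pw)
    return host, int(port), creds


def _pump(src: socket.socket, dst: socket.socket, counter: list) -> None:
    """Copy bytes from src to dst until src closes, then half-close dst."""
    while True:
        data = src.recv(4096)
        if not data:
            break
        dst.sendall(data)
        counter[0] += len(data)
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def funnel(a: socket.socket, b: socket.socket):
    """Relay traffic in both directions between two connected sockets until both
    sides have closed. Returns (bytes a->b, bytes b->a)."""
    counts = ([0], [0])
    t1 = threading.Thread(target=_pump, args=(a, b, counts[0]))
    t2 = threading.Thread(target=_pump, args=(b, a, counts[1]))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
    return counts[0][0], counts[1][0]


def demo_relay(payload: bytes):
    """Constructed end-to-end run: a client on one side, an upper-casing echo
    server on the other, and the funnel in the middle. Returns
    (bytes the client got back, (bytes client->server, bytes server->client))."""
    client, relay_in = socket.socketpair()
    relay_out, server = socket.socketpair()
    result = {}

    def run_server():
        buf = b""
        while True:
            chunk = server.recv(4096)
            if not chunk:
                break
            buf += chunk
        server.sendall(buf.upper())
        server.close()

    def run_funnel():
        result["counts"] = funnel(relay_in, relay_out)
        relay_in.close()
        relay_out.close()

    threads = [threading.Thread(target=run_server), threading.Thread(target=run_funnel)]
    for t in threads:
        t.start()
    client.sendall(payload)
    client.shutdown(socket.SHUT_WR)  # tell the far side we are done sending
    received = b""
    while True:
        chunk = client.recv(4096)
        if not chunk:
            break
        received += chunk
    client.close()
    for t in threads:
        t.join()
    return received, result["counts"]


if __name__ == "__main__":
    print(demo_relay(b"hello world"))
    req = build_connect_request("203.0.113.10", 443, "corpuser", "s3cret")
    print(parse_connect_request(req))
```

The relay has no notion of who is "inside" or "outside": once both connections exist, bytes flow both ways, which is why a host that can reach an internal target and an authenticating proxy becomes a usable pivot. On the detection side, a proxy log showing CONNECT requests from an unexpected process or to destinations that are not normal web traffic is the observable that matters, and `parse_connect_request` shows how to pull the account being used out of a captured request.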

Reporting and Technical Details

  • DHS and FBI released a Malware Analysis Report (MAR) on ELECTRICFISH, MAR-10135536-21, in May 2019.